How to create a custom F-Secure PSB Computer Protection profile to allow VPN traffic through the fir

Issue:

  • After installing Computer Protection, the VPN connection stopped working because it is blocked by the firewall feature.
  • How do I create a custom PSB Computer Protection profile to allow the VPN connection?
  • Which ports need to be opened to allow PPTP, L2TP and IPSec VPN connections through the firewall?

Resolution:

In this case you have to start by creating a custom profile which can be edited.

Creating a custom profile:

  1. Log in to the PSB Portal
  2. Go to the Profiles page
  3. Select Computer Protection
  4. Select the circular symbol with three dots in the middle next to the profile you want to clone
  5. Select clone profile
  6. Enter a name and label for the new custom profile

After creating a custom profile for Computer Protection, you can start creating new firewall rules.

Creating a new VPN firewall rule:
  1. Select the profile you want to use
  2. Select Firewall
  3. Go to Firewall rules and select add rule
  4. Enter a name and description of the rule, e.g. Allow VPN

The ports and protocols that need to be allowed vary between VPN connection types. Verify with your VPN provider which type of VPN connection you are using.

To allow common PPTP VPN traffic:
  • Allow PPTP tunnel maintenance traffic, open outbound TCP port 1723
  • Allow PPTP tunneled data to pass through router, open outbound protocol 47 (GRE)

To allow common IPSec VPN traffic:
  • Allow Internet Key Exchange (IKE), open UDP port 500 inbound and outbound
  • Allow IPSec Network Address Translation Traversal (NAT-T), open UDP port 4500 inbound and outbound
  • Allow Encapsulating Security Payload protocol (ESP), open protocol 50 inbound and outbound
  • Allow Authentication Header protocol (AH), open protocol 51 inbound and outbound

To allow common L2TP VPN traffic: 
  • Allow L2TP traffic, open UDP port 1701 inbound and outbound
  • Allow protocol 115 inbound and outbound
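
Before assigning the profile, the rule set can be checked against the lists above. The following is an added example, not F-Secure code: the rule dictionaries are a hypothetical representation of the rules entered in the portal (not a PSB export format), the sample rules are constructed, and each rule is assumed to name a single port.

```python
# Audit a list of allow rules against the ports/protocols listed in this article.
ALIASES = {"tcp": 6, "udp": 17, "gre": 47, "esp": 50, "ah": 51, "l2tp": 115}

def both(proto, port=None):
    """Expand 'inbound and outbound' into two directional flows."""
    return {(proto, port, "in"), (proto, port, "out")}

# (IP protocol number, port or None for port-less protocols, direction)
REQUIRED = {
    "PPTP": {(6, 1723, "out"), (47, None, "out")},
    "IPSec": both(17, 500) | both(17, 4500) | both(50) | both(51),
    "L2TP": both(17, 1701) | both(115),
}

def proto_number(value):
    """Accept 'udp', 'ESP', '47' or 47 and return the IP protocol number."""
    text = str(value).strip().lower()
    return ALIASES[text] if text in ALIASES else int(text)

def allowed_flows(rules):
    """Flatten allow rules into the set of directional flows they permit."""
    flows = set()
    for rule in rules:
        if rule.get("action", "allow") != "allow":
            continue
        proto = proto_number(rule["protocol"])
        # Only TCP and UDP carry ports; ignore a port on GRE/ESP/AH/115.
        port = rule.get("port") if proto in (6, 17) else None
        dirs = ("in", "out") if rule["direction"] == "both" else (rule["direction"],)
        flows.update((proto, port, d) for d in dirs)
    return flows

def missing_rules(vpn_type, rules):
    """Return the required flows for vpn_type that no allow rule covers."""
    gap = REQUIRED[vpn_type] - allowed_flows(rules)
    return sorted(gap, key=lambda f: (f[0], f[1] or 0, f[2]))

# Constructed sample: an incomplete "Allow VPN" rule set for IPSec.
SAMPLE_RULES = [
    {"name": "IKE", "protocol": "udp", "port": 500, "direction": "both", "action": "allow"},
    {"name": "NAT-T", "protocol": "UDP", "port": 4500, "direction": "out", "action": "allow"},
    {"name": "ESP", "protocol": "esp", "direction": "both", "action": "allow"},
]

if __name__ == "__main__":
    for proto, port, direction in missing_rules("IPSec", SAMPLE_RULES):
        print(f"missing: protocol {proto}, port {port}, direction {direction}")
```
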

Once the firewall rules have been created, the profile needs to be assigned to the target devices. 

Assigning a profile:
  1. Go to the Devices page
  2. Choose the device(s) to which you want to assign a profile
  3. Click on Assign > Assign profile 
  4. Select the profile with the VPN firewall rules and click Assign

Article no: 000002583